Discussion on "Generating TOTPs for CyberArk Privileged Session Manager Webapp Connectors using a PreConnect DLL"

Tim Schindler · 2023-10-12T15:59:35.960Z

With version 13.0 of CyberArk's Privileged Session Manager, as part of a Webapp PSM connector, you can inject a time-based one-time password. You can even store the secret for the TOTP in a separate account and link it as a logon account to secure it...

What is the generated TOTP ? Is it actually an OTP? You can see this by injecting the OTP into a field that isn’t obscured, like the username field.

Failing that, can you generate a valid TOTP manually with the secret stored as the logon account’s password (when you show/copy the secret out of CyberArk?) When you generate it manually, is it the same as what the Preconnect DLL generates ?

If you have the ability to do so, you can clone the example code from GitHub, add debug logging, and recompile.

Discussion

Generating TOTPs for CyberArk Privileged Session Manager Webapp Connectors using a PreConnect DLL

Responses(1)

Recent in Forum

Search Hashnode

Generating TOTPs for CyberArk Privileged Session Manager Webapp Connectors using a PreConnect DLL

Responses(1)

Recent in Forum